Today the FCC announced that it plans to fine two carriers $10 million for multiple violations of telecommunications privacy laws. The carriers, TerraCom and YourTel, reportedly stored over 300,000 low-income consumers’ applications for the Lifeline program for several months on unprotected Internet servers that anyone in the world could access. The Lifeline program provides discounted service based on financial need, and applications for the service contain private and highly sensitive information, including Social Security numbers, names, addresses, and driver’s license numbers. When the carriers discovered the problem, they failed to notify all potentially affected consumers. At the time, the carriers’ privacy policies stated that they used “technology and security features to safeguard the privacy of your customer specific information from unauthorized access or improper use.”
The carriers allegedly violated privacy provisions of the Communications Act both by failing to reasonably protect consumers’ private information and by failing to notify consumers of the problem.
The following can be attributed to Laura Moy, staff attorney at Public Knowledge:
“Public Knowledge applauds the Commission for this, the second major enforcement action the Commission has taken to protect telecommunications consumers’ privacy in as many months, and the largest privacy enforcement action in FCC history. The Communications Act gives the Commission broad authority to enforce some of the strongest federal privacy protections on the books, and this action leaves no question that it takes that authority seriously.
“Telecommunications are vital services, and consumers have no choice but to share highly sensitive information with carriers in order to obtain those services. This is particularly the case for low-income consumers who must provide even more information to prove financial eligibility for the Lifeline program. Consumers need to be able to trust that carriers will respect their privacy and take reasonable steps to keep private information secure.
“Rather than respecting consumers’ privacy, however, TerraCom and YourTel demonstrated a reckless disregard for it. Worse, they didn’t even notify all affected consumers so that those affected could take steps to protect themselves from identity theft.
“With the FCC vigorously enforcing the privacy provisions of the Communications Act, we hope that carriers will see fit to reexamine their privacy practices to ensure that they are in full compliance with the law.”
Members of the media may contact Communications Director Shiva Stella with inquiries, interview requests, or to join the Public Knowledge press list at email@example.com or 405-249-9435.